مرکز مدیریت امداد و هماهنگی عملیات رخدادهای رایانه‌ای

ورود به حساب کاربری

‫ Adobe Reader / Acrobat Multiple Vulnerabilities

ID: IRCAD2015104109

Release Date: 2015-10-13

Software:

Adobe Acrobat DC 15.x

Adobe Acrobat Reader DC 15.x

Adobe Acrobat X 10.x

Adobe Acrobat XI 11.x

Adobe Reader X 10.x

Adobe Reader XI 11.x

Description:

Multiple vulnerabilities have been reported in Adobe Reader and Adobe Acrobat, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.

1) An error can be exploited to cause a buffer overflow and subsequently disclose certain information.

2) A use-after-free error when handling the WillSave document action can be exploited to corrupt memory.

3) A use-after-free error when handling OCG objects within the WillSave document action can be exploited to corrupt memory.

4) A use-after-free error within the "popUpMenuEx()" method can be exploited to corrupt memory.

5) A use-after-free error when handling PDF documents with media content related to the saving of a PDF document can be exploited to corrupt memory via a specially crafted PDF document.

6) A use-after-free error within the EScript exception handlers can be exploited to corrupt memory via a specially crafted PDF document.

7) A use-after-free error can be exploited to corrupt memory.

8) Another use-after-free error can be exploited to corrupt memory.

9) Another use-after-free error can be exploited to corrupt memory.

10) A use-after-free error when handling U3D objects can be exploited to corrupt memory.

11) A use-after-free error can be exploited to corrupt memory.

12) Another use-after-free error can be exploited to corrupt memory.

13) An error can be exploited to cause a heap-based buffer overflow.

14) An error related to AcroForm can be exploited to cause a heap-based buffer overflow.

15) A use-after-free error when handling certain fields related to the Format action can be exploited to corrupt memory via a specially crafted PDF document.

16) A use-after-free error when handling the "signatureSetSeedValue()" method can be exploited to corrupt memory.

17) An error when handling the fillColor attribute can be exploited to corrupt memory.

18) A use-after-free error when handling the value attribute related to listbox can be exploited to corrupt memory.

19) A use-after-free error when handling certain fields can be exploited to corrupt memory via a specially crafted PDF document.

20) An unspecified error can be exploited to corrupt memory.

Successful exploitation of the vulnerabilities #2 through #‫20 may allow execution of arbitrary code.

21) An error when handling excess values within the "addForegroundSprite()" function can be exploited to disclose certain information.

22) An error when handling excess values within the "setBackground()" function can be exploited to disclose certain information.

23) An error when handling excess values related to the ambientIlluminationColor property can be exploited to disclose certain information.

24) An error when handling excess values within the "createSquareMesh()" function can be exploited to disclose certain information.

25) An error when handling excess values within the "loadFlashMovie()" function can be exploited to disclose certain information.

26) An error when handling excess values related to the animations property can be exploited to disclose certain information.

27) An error within the implementation of color objects in light objects can be exploited to disclose the heap address of a color object.